Article Content

Version 10.6.x.x of the RSA NetWitness Platform and prior deployments will encounter certificate validation failures for all RSA NetWitness Live Services provided by cms.netwitness.com after 16 February 2020.

Cause

The certificate update on 16 February 2020 changes the cms.netwitness.com certificate issuer from GoDaddy to Entrust. RSA NetWitness Platform 10.6.x.x and prior deployments do not contain the Entrust Root Certificate.

Resolution

If you receive a password error when performing steps that change the keystore, confirm that the keystore password has not changed from the default of changeit. If it has changed, replace -storepass changeit with -storepass <custom password> in the commands that are outlined in this document.

Install the Entrust CA Certificate on RSA NetWitness 10.6.x.x and prior deployments by performing the following steps:

Download the Entrust CA certificate (Entrust Root Certificate Authority—G2) available at Entrust Root Certificate Download. The Download button for the certificate should be toward the bottom of the page.

SSH to the RSA NetWitness Admin (UI) server. Run the following command, which prints the fingerprint/thumbprint of the entrust-g2 certificate if it exists in the current keystore.

Note: If the certificate is not already installed, an exception error is displayed about the certificate not existing or loading.
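A downloaded root certificate becomes a trust anchor once it is imported, so it is worth comparing its SHA-256 fingerprint with a value obtained out-of-band before touching the keystore. The script below is an added example, not part of the RSA procedure: the function names and the script name verify_root.sh are hypothetical, the label formats it strips are assumptions about openssl and keytool output, and the expected fingerprint is supplied by the operator because this article does not list one.

```shell
#!/bin/sh
# Added example (not RSA's procedure): check a downloaded root CA against a
# fingerprint obtained out-of-band before it is added to a trust store.

# Reduce a fingerprint to bare upper-case hex. Assumed label formats:
# "SHA256 Fingerprint=AA:BB..." (openssl) or "... (SHA-256): AA:BB..." (keytool).
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*[=)]//' | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# True when the argument normalises to exactly 64 hex digits (SHA-256).
is_sha256() {
    fp=$(normalize_fp "$1")
    case "$fp" in ''|*[!0-9A-F]*) return 1 ;; esac
    [ "${#fp}" -eq 64 ]
}

# Exit 0 on match, 1 on mismatch, 2 if either value is not a SHA-256 fingerprint.
fp_matches() {
    is_sha256 "$1" && is_sha256 "$2" || return 2
    [ "$(normalize_fp "$1")" = "$(normalize_fp "$2")" ]
}

# SHA-256 fingerprint of a certificate file; tries PEM first, then DER.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null ||
        openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256
}

# verify_download CERT_FILE EXPECTED_FINGERPRINT
verify_download() {
    actual=$(cert_fp "$1") || { echo "cannot parse certificate: $1" >&2; return 3; }
    if fp_matches "$actual" "$2"; then
        echo "OK: $1 matches the expected fingerprint"
    else
        rc=$?
        echo "STOP: fingerprint check failed for $1 (code $rc); do not import" >&2
        return "$rc"
    fi
}

# Run as: sh verify_root.sh <downloaded-cert-file> <expected-sha256-fingerprint>
if [ "$#" -eq 2 ]; then verify_download "$1" "$2"; fi
```

Exit code 2 means one of the two values was not a SHA-256 fingerprint at all, for example a placeholder left unfilled or a SHA-1 thumbprint pasted by mistake.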